Attempts to connect to Axway SFTP server result in publickey auth loopin

Darren Tucker dtucker at dtucker.net
Fri Feb 23 23:31:47 AEDT 2018


On 23 February 2018 at 23:07, Philipp Marek <philipp at marek.priv.at> wrote:
>
>> +       struct identity *sent_signed_id;
>
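
Review bot: the added sent_signed_id member on this line has no comment saying when it is set and how long it stays valid. It is a pointer to one of the identity entries, so a short comment on the declaration (set when a signed request is sent, not to be read after the identities are cleaned up) would make the lifetime explicit.
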
> What happens if the server is configured to allow two different SSH keys?
> Wouldn't that then cycle between these two?

I don't think so.  I think once both have succeeded neither will be
sent and it'll drop through to "we did not send a packet, disable
method" and either move to the next method or fail if there are no
more.

sent_signed_id is used to track the key that was just used to sign the
challenge from the server.  The state of the keys is stored in a list
of Identity structures.

When the reply comes back after setting sent_signed_id there are 3 cases:
 - failure: no change in behaviour.  (maybe it should null out
sent_signed_id, although it should be set again before ever being
read).
 - partial success: we mark id->tried with IDENTITY_SUCCESSFUL.  The
non-zero value stops it from being sent again.
 - complete success: ssh_userauth2 immediately cleans up the identities.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
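
The failure and partial-success cases from the message above, as a toy C model added here (not code from the post or from OpenSSH). The function `simulate`, its parameters, the numeric value of IDENTITY_SUCCESSFUL, a server that answers every accepted signature with partial success, and a client that makes unmarked keys eligible again after a partial success are all assumptions of the model.

```c
#include <stdio.h>

#define IDENTITY_SUCCESSFUL 0x1000  /* name from the post; value constructed here */
#define MAX_KEYS 8
struct identity { int tried; int accepted; };  /* toy stand-in, not OpenSSH's struct */

/*
 * Toy publickey method. Bit i of accepted_mask: the server accepts key i.
 * Assumed server: every accepted signature gets "partial success".
 * Assumed client: after partial success, unmarked keys are eligible again.
 * Returns signed requests sent before the method is disabled, or -1 on a loop.
 */
int simulate(int nkeys, unsigned accepted_mask, int mark_successful, int max_sends)
{
    struct identity ids[MAX_KEYS] = {{0, 0}};
    struct identity *sent_signed_id = NULL;
    int sends = 0;

    if (nkeys > MAX_KEYS) nkeys = MAX_KEYS;
    for (int i = 0; i < nkeys; i++)
        ids[i].accepted = (accepted_mask >> i) & 1;
    for (;;) {
        struct identity *next = NULL;
        for (int i = 0; i < nkeys && next == NULL; i++)
            if (ids[i].tried == 0)
                next = &ids[i];
        if (next == NULL)
            return sends;       /* did not send a packet: method disabled */
        if (sends >= max_sends)
            return -1;          /* still finding a key to send: looping */
        sent_signed_id = next;  /* the key that signs this request */
        sent_signed_id->tried = 1;
        sends++;
        if (!sent_signed_id->accepted)
            continue;           /* failure: no change in behaviour */
        /* partial success: a non-zero tried value stops a resend */
        if (mark_successful)
            sent_signed_id->tried |= IDENTITY_SUCCESSFUL;
        for (int i = 0; i < nkeys; i++)
            if (!(ids[i].tried & IDENTITY_SUCCESSFUL))
                ids[i].tried = 0;
    }
}

int main(void)
{
    printf("unmarked: %d, marked: %d\n", simulate(2, 3, 0, 100), simulate(2, 3, 1, 100));
    return 0;
}
```

With two accepted keys and marking enabled, the model sends each key once and then disables the method, which is the answer given to the two-key question above; without marking it never stops sending the first key.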


More information about the openssh-unix-dev mailing list